
Example 11 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project netty by netty.

the class SSLEngineTest method testSupportedSignatureAlgorithms.

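/**
 * Checks that the handshake session already exposes the peer's and the local supported
 * signature algorithms when the TLS stack asks a key manager to pick an alias.
 *
 * <p>Each {@link X509ExtendedKeyManager} from the real factory is wrapped in a delegate whose
 * engine-based alias callbacks assert that both lists are non-empty before forwarding the call.
 * The socket-based and alias-listing callbacks fail the test, since an {@link SSLEngine}
 * handshake is not expected to use them. The server is built with {@code ClientAuth.REQUIRE},
 * so the client-side callback is exercised as well.
 *
 * <p>Security note: both contexts use {@code InsecureTrustManagerFactory}, which accepts any
 * certificate without verification. That is acceptable only because this is a test that talks
 * to itself with a throwaway self-signed certificate.
 *
 * @param param protocol, cipher and buffer parameters for this run
 * @throws Exception if context creation or the handshake fails
 */
@MethodSource("newTestParams")
@ParameterizedTest
public void testSupportedSignatureAlgorithms(SSLEngineTestParam param) throws Exception {
    final SelfSignedCertificate ssc = new SelfSignedCertificate();
    final class TestKeyManagerFactory extends KeyManagerFactory {

        TestKeyManagerFactory(final KeyManagerFactory factory) {
            super(new KeyManagerFactorySpi() {

                // Managers of the already-initialised factory that is being wrapped.
                private final KeyManager[] managers = factory.getKeyManagers();

                @Override
                protected void engineInit(KeyStore keyStore, char[] chars) {
                    // The wrapped factory is initialised by the caller; re-initialisation is not supported.
                    throw new UnsupportedOperationException();
                }

                @Override
                protected void engineInit(ManagerFactoryParameters managerFactoryParameters) {
                    throw new UnsupportedOperationException();
                }

                @Override
                protected KeyManager[] engineGetKeyManagers() {
                    KeyManager[] array = new KeyManager[managers.length];
                    for (int i = 0; i < array.length; i++) {
                        final X509ExtendedKeyManager x509ExtendedKeyManager = (X509ExtendedKeyManager) managers[i];
                        array[i] = new X509ExtendedKeyManager() {

                            /** Asserts that the in-progress session lists signature algorithms for both sides. */
                            private void assertSignatureAlgorithmsPresent(SSLEngine sslEngine) {
                                ExtendedSSLSession session = (ExtendedSSLSession) sslEngine.getHandshakeSession();
                                assertNotEquals(0, session.getPeerSupportedSignatureAlgorithms().length);
                                assertNotEquals(0, session.getLocalSupportedSignatureAlgorithms().length);
                            }

                            @Override
                            public String[] getClientAliases(String s, Principal[] principals) {
                                fail();
                                return null;
                            }

                            @Override
                            public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
                                fail();
                                return null;
                            }

                            @Override
                            public String[] getServerAliases(String s, Principal[] principals) {
                                fail();
                                return null;
                            }

                            @Override
                            public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
                                fail();
                                return null;
                            }

                            @Override
                            public String chooseEngineClientAlias(String[] strings, Principal[] principals, SSLEngine sslEngine) {
                                assertSignatureAlgorithmsPresent(sslEngine);
                                return x509ExtendedKeyManager.chooseEngineClientAlias(strings, principals, sslEngine);
                            }

                            @Override
                            public String chooseEngineServerAlias(String s, Principal[] principals, SSLEngine sslEngine) {
                                assertSignatureAlgorithmsPresent(sslEngine);
                                return x509ExtendedKeyManager.chooseEngineServerAlias(s, principals, sslEngine);
                            }

                            @Override
                            public java.security.cert.X509Certificate[] getCertificateChain(String s) {
                                return x509ExtendedKeyManager.getCertificateChain(s);
                            }

                            @Override
                            public PrivateKey getPrivateKey(String s) {
                                return x509ExtendedKeyManager.getPrivateKey(s);
                            }
                        };
                    }
                    return array;
                }
            }, factory.getProvider(), factory.getAlgorithm());
        }
    }
    SSLEngine clientEngine = null;
    SSLEngine serverEngine = null;
    try {
        // The contexts are built inside the try block so that a failure while building them
        // still reaches ssc.delete() and does not leave the generated private key behind on disk.
        clientSslCtx = wrapContext(param, SslContextBuilder.forClient()
                .keyManager(new TestKeyManagerFactory(newKeyManagerFactory(ssc)))
                // Test only: accepts any server certificate without verification.
                .trustManager(InsecureTrustManagerFactory.INSTANCE)
                .sslProvider(sslClientProvider())
                .sslContextProvider(clientSslContextProvider())
                .protocols(param.protocols())
                .ciphers(param.ciphers())
                .build());
        serverSslCtx = wrapContext(param, SslContextBuilder.forServer(new TestKeyManagerFactory(newKeyManagerFactory(ssc)))
                // Test only: accepts any client certificate without verification.
                .trustManager(InsecureTrustManagerFactory.INSTANCE)
                .sslContextProvider(serverSslContextProvider())
                .sslProvider(sslServerProvider())
                .protocols(param.protocols())
                .ciphers(param.ciphers())
                // Require a client certificate so the client-side alias callback runs too.
                .clientAuth(ClientAuth.REQUIRE)
                .build());
        clientEngine = wrapEngine(clientSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        serverEngine = wrapEngine(serverSslCtx.newEngine(UnpooledByteBufAllocator.DEFAULT));
        handshake(param.type(), param.delegate(), clientEngine, serverEngine);
    } finally {
        // Either engine may still be null here if an earlier step threw.
        cleanupClientSslEngine(clientEngine);
        cleanupServerSslEngine(serverEngine);
        ssc.delete();
    }
}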
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) PrivateKey(java.security.PrivateKey) SSLEngine(javax.net.ssl.SSLEngine) KeyManagerFactorySpi(javax.net.ssl.KeyManagerFactorySpi) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) KeyStore(java.security.KeyStore) KeyManagerFactory(javax.net.ssl.KeyManagerFactory) KeyManager(javax.net.ssl.KeyManager) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) ManagerFactoryParameters(javax.net.ssl.ManagerFactoryParameters) Principal(java.security.Principal) Socket(java.net.Socket) MethodSource(org.junit.jupiter.params.provider.MethodSource) ParameterizedTest(org.junit.jupiter.params.ParameterizedTest)

Example 12 with X509ExtendedKeyManager

use of javax.net.ssl.X509ExtendedKeyManager in project netty by netty.

the class SslContextBuilderTest method testContextFromManagers.

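/**
 * Builds a client and a server {@code SslContext} directly from a hand-written key manager and
 * trust manager, and checks the client-auth flags of the engines they create.
 *
 * <p>No handshake is performed: the test only inspects {@code getWantClientAuth()} and
 * {@code getNeedClientAuth()} on freshly created engines.
 *
 * <p>Security note: the trust manager below accepts every certificate chain and the key manager
 * returns fixed values. Both are test stubs and must not be copied into production code.
 *
 * @param provider the SSL provider to build the contexts with
 * @throws Exception if a context cannot be built or an engine cannot be closed
 */
private static void testContextFromManagers(SslProvider provider) throws Exception {
    final SelfSignedCertificate cert = new SelfSignedCertificate();
    try {
        KeyManager customKeyManager = new X509ExtendedKeyManager() {

            @Override
            public String[] getClientAliases(String s, Principal[] principals) {
                return new String[0];
            }

            @Override
            public String chooseClientAlias(String[] strings, Principal[] principals, Socket socket) {
                return "cert_sent_to_server";
            }

            @Override
            public String[] getServerAliases(String s, Principal[] principals) {
                return new String[0];
            }

            @Override
            public String chooseServerAlias(String s, Principal[] principals, Socket socket) {
                return null;
            }

            @Override
            public X509Certificate[] getCertificateChain(String s) {
                // NOTE(review): the original filled a one-element array with cert.cert() and then
                // returned an empty array anyway. The unused local is dropped here and the empty
                // result is kept. A handshake through this manager would have no certificate to
                // present even though getPrivateKey() returns a key; confirm that is intended.
                return new X509Certificate[0];
            }

            @Override
            public PrivateKey getPrivateKey(String s) {
                return cert.key();
            }
        };
        // Accept-all trust manager: every check method returns without validating anything.
        TrustManager customTrustManager = new X509ExtendedTrustManager() {

            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s, Socket socket) throws CertificateException {
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s, SSLEngine sslEngine) throws CertificateException {
            }

            @Override
            public void checkClientTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }

            @Override
            public void checkServerTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
            }

            @Override
            public X509Certificate[] getAcceptedIssuers() {
                return new X509Certificate[0];
            }
        };

        // Client side: clientAuth is set on the builder, but the assertions below expect the
        // resulting client engine to neither want nor need client authentication.
        SslContextBuilder clientBuilder = SslContextBuilder.forClient()
                .sslProvider(provider)
                .keyManager(customKeyManager)
                .trustManager(customTrustManager)
                .clientAuth(ClientAuth.OPTIONAL);
        SslContext clientContext = clientBuilder.build();
        SSLEngine clientEngine = clientContext.newEngine(UnpooledByteBufAllocator.DEFAULT);
        assertFalse(clientEngine.getWantClientAuth());
        assertFalse(clientEngine.getNeedClientAuth());
        clientEngine.closeInbound();
        clientEngine.closeOutbound();

        // Server side: ClientAuth.REQUIRE must surface as needClientAuth on the engine.
        SslContextBuilder serverBuilder = SslContextBuilder.forServer(customKeyManager)
                .sslProvider(provider)
                .trustManager(customTrustManager)
                .clientAuth(ClientAuth.REQUIRE);
        SslContext serverContext = serverBuilder.build();
        SSLEngine serverEngine = serverContext.newEngine(UnpooledByteBufAllocator.DEFAULT);
        assertFalse(serverEngine.getWantClientAuth());
        assertTrue(serverEngine.getNeedClientAuth());
        serverEngine.closeInbound();
        serverEngine.closeOutbound();
    } finally {
        // The original never deleted the self-signed certificate. Clean it up on every path so
        // the generated key material does not linger after the test.
        cert.delete();
    }
}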
Also used : SelfSignedCertificate(io.netty.handler.ssl.util.SelfSignedCertificate) X509ExtendedTrustManager(javax.net.ssl.X509ExtendedTrustManager) SSLEngine(javax.net.ssl.SSLEngine) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) KeyManager(javax.net.ssl.KeyManager) X509ExtendedKeyManager(javax.net.ssl.X509ExtendedKeyManager) Socket(java.net.Socket) X509Certificate(java.security.cert.X509Certificate) TrustManager(javax.net.ssl.TrustManager) X509ExtendedTrustManager(javax.net.ssl.X509ExtendedTrustManager)
